Block Direct IP Access to Websites
Web filters prevent website access if using an IP address instead of a domain name.
Plain language
This control means stopping people from visiting websites using IP addresses instead of the usual website names. It's important because some bad actors try to bypass security filters by using these numerical addresses directly, which could lead to data theft or malware infections.
Framework
ASD Information Security Manual (ISM)
Control effect
Preventative
Classifications
NC, OS, P, S, TS
ISM last updated
Feb 2022
Control Stack last updated
19 Mar 2026
E8 maturity levels
N/A
Guideline
Guidelines for gateways
Section
Web content filters
Official control statement
Attempts to access websites through their IP addresses instead of their domain names are blocked by web content filters.
Why it matters
By blocking direct IP access, organisations prevent attackers from bypassing DNS-based content filters, reducing exposure to phishing and malware sites.
Operational notes
Keep web filter rules current; ensure IP-based URL requests are blocked, logged, and reviewed so attempts to bypass domain filtering are detected.
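One way to support the log review described above, as an added example that is not part of the ISM or of any web filter product. It goes beyond dotted-quad addresses to cover the decimal, hexadecimal, octal and short forms that browsers also resolve as IPv4, plus bracketed IPv6. The log format ("time client action url"), the function names and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# One numeric host label as browsers read it: hex (0x..), octal (0..), or decimal.
_NUM = re.compile(r"0[xX][0-9a-fA-F]*|0[0-7]*|[1-9][0-9]*")

def literal_ip(host):
    """Return the canonical address if host is an IP literal, else None."""
    host = (host or "").rstrip(".")
    if ":" in host:  # IPv6; urlsplit has already stripped the brackets
        try:
            return str(ipaddress.IPv6Address(host))
        except ValueError:
            return None
    parts = host.split(".")
    if len(parts) > 4 or not all(_NUM.fullmatch(p) for p in parts):
        return None  # at least one non-numeric label: treat as a domain name
    nums = [int(p[2:] or "0", 16) if p[:2].lower() == "0x"
            else int(p, 8) if len(p) > 1 and p[0] == "0"
            else int(p) for p in parts]
    *head, last = nums
    # Leading parts are single bytes; the last part fills the remaining bytes.
    if any(n > 255 for n in head) or last >= 256 ** (4 - len(head)):
        return None
    value = last + sum(n << (8 * (3 - i)) for i, n in enumerate(head))
    return str(ipaddress.IPv4Address(value))

def review(log_lines):
    """Return (client, url, canonical_ip, action) for each IP-literal request."""
    hits = []
    for line in log_lines:
        _ts, client, action, url = line.split(maxsplit=3)
        try:  # CONNECT-style entries ("host:port") carry no scheme
            host = urlsplit(url if "://" in url else "//" + url).hostname
        except ValueError:
            continue
        ip = literal_ip(host)
        if ip:
            hits.append((client, url, ip, action))
    return hits

# Constructed sample lines in the assumed "time client action url" format.
SAMPLE_LOG = [
    "2026-03-19T09:00:01Z 10.0.0.5 ALLOWED https://www.example.com/",
    "2026-03-19T09:00:07Z 10.0.0.5 BLOCKED http://192.0.2.10/login",
    "2026-03-19T09:01:12Z 10.0.0.8 ALLOWED http://3221225994/a",
    "2026-03-19T09:01:40Z 10.0.0.8 ALLOWED http://0xC0.0.2.10/a",
    "2026-03-19T09:02:03Z 10.0.0.9 BLOCKED https://[2001:db8::1]:8443/",
    "2026-03-19T09:02:30Z 10.0.0.9 ALLOWED 192.0.2.10:443",
]
```

Any entry returned by `review` whose action is not `BLOCKED` is a request to an IP literal that the filter let through, which is the gap this control is meant to close.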
Implementation tips
- IT teams should set up web content filtering tools. Choose a reliable web filtering service that specifically blocks direct IP address usage and configure it to treat attempts to access websites by IP as red flags.
- System administrators should carry out regular tests. Use sample IP addresses of known websites to ensure that attempts to access them directly are indeed blocked by the filtering system.
- Business managers should work with the IT team to ensure blocked access policies are communicated effectively. Clearly inform all staff that accessing websites using IP addresses is against company policy and part of the security measures.
- HR should include training on secure browsing habits. Implement regular training sessions that explain the risks of navigating to sites using IP addresses and educate staff on the filtering mechanisms in place.
- Procurement teams should ensure that any new web filtering software purchased supports IP blocking. When evaluating new systems, confirm they offer robust IP filtering and request demonstrations from vendors.
Audit / evidence tips
- Ask: proof of the web content filter settings. Request screen captures or reports from the web filter administration interface.
  Good: clear evidence showing a configured rule that blocks IP-based web access.
- Ask: recent log reports of blocked IP access attempts. These should be logs generated by the web filtering system.
  Good: a detailed log with timestamps, source IPs, and actions taken.
- Ask: documentation or memo on policy communication. Request the internal memo or policy document circulated to staff regarding web access rules.
  Good: a formally distributed document with a clear explanation of the rules.
- Ask: training records. Request records or sign-in sheets from training sessions conducted about the control.
  Good: a dated record showing attendees and training outlines.
- Ask: vendor evaluation documents. Request the criteria or checklists used when purchasing web filtering solutions.
  Good: detailed evaluations that explicitly mention IP blocking capabilities.
Cross-framework mappings
How ISM-1171 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| Partially meets (1) | | |
| Annex A 8.23 | ISM-1171 requires web content filters to block attempts to access websites via direct IP address rather than by domain name | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.